The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Yangyuan Lin says
Symmetric session key will require one bit added each year because the total processing speed of microprocessors is doubling roughly every year,therefore,30 years to be considered 130 bits long.
Shubham Patil says
Lin,
I found this interesting that a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 encryption code possibilities. As you can imagine, a ‘brute force’ attack (in which an attacker tries every possible key until they find the right one) would take quite a bit of time to break a 128-bit key.
Shubham Patil says
Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data. Both the sender and the receiver need the same key to communicate.
If the total processing speed of microprocessors is doubling every year and the current symmetric key session is 100 bits, after 30 years it would 130 bits as one bit is added every year. The larger the key size, the harder the key is to crack.
Elizabeth Gutierrez says
Hi Shubham,
I’m glad that you brought up encryption because it is essential to ensure the security of data. Our readings address that a symmetric session key allows the encryptor to set a ket that matches the one used for decryption. However, as you mentioned the idea of brute force in one of your comments, the form of encryption algorithm used is vulnerable and can be exploited by brute force; this can occur via a dictionary list or the generation of random character values that are tested against the data provided. With this in mind, it provides me with a better understanding for why a larger key size is beneficial given that they are harder to crack.
Elizabeth Gutierrez says
The addition of one bit to the length of the symmetric key in 1 year is more than enough to make the key strong because each additional bit doubles the effective search time. Even by doubling the speed, the processor can still not crack the number of combinations that will be formed. Therefore, if a bit is added to the key length per year, the length of the symmetric session key will be 130 bits after 30 years I believe you can also find the length of the session key by using the compound interest formula.
Oluwaseun Soyomokun says
A symmetric session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Session keys are sometimes called symmetric keys because the same key is used for both encryption and decryption.
At this point a 128 bit symmetric session keys encryption algorithms requires a 100 bit character length to be strong. The longer the secret key, the harder it is for an attacker to guess via brute force attack. However, AES-256 is not just twice as strong as AES-128. So AES-128 has an effective key space of 2^64, by considering the clock rate and circuits in adding a bit to the algorithm length been added every year. I will be 130bits in 30 years.
Yangyuan Lin says
Hi Oluwaseun,
I think the formula you use 2^n/2 will tell you the number of key combinations, so 2^128/2 will be a large number of key combinations, and increasing the value by 1 every year makes it significantly more difficult to crack.